您的附件现在通过Apache Your attached files are now directly servable by Apache. However if you also have PHP (or ASP or any other server parsed language) installed then an attacker can upload a PHP script an then run it to exploit other local weaknesses.

For example, you can disable PHP for the appropriate directory (note that it's difficult to include instructions for disabling all server parsed languages).

This only disables php stuff - you have to add everything else on your own!

After you have completed the configuration changes, test by uploading an attachment for WikiSandBox. Then modify the WikiSandBox page to display the uploaded image or download the file. If there were existing attachments before this change, verify the old attachments are still available. Finally, review the Apache access.log file to verify you have a log entry showing the expected file access: